EP1872224A4 - System and method for scanning obfuscated files for pestware - Google Patents
System and method for scanning obfuscated files for pestware
Info
- Publication number
- EP1872224A4
- Authority
- EP
- European Patent Office
- Prior art keywords
- pestware
- scanning
- obfuscated files
- obfuscated
- files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/105,978 US7349931B2 (en) | 2005-04-14 | 2005-04-14 | System and method for scanning obfuscated files for pestware |
PCT/US2006/014004 WO2006121572A2 (en) | 2005-04-14 | 2006-04-14 | System and method for scanning obfuscated files for pestware |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1872224A2 (en) | 2008-01-02 |
EP1872224A4 (en) | 2010-05-26 |
Family
ID=37110126
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06769824A Withdrawn EP1872224A4 (en) | 2005-04-14 | 2006-04-14 | System and method for scanning obfuscated files for pestware |
Country Status (3)
Country | Link |
---|---|
US (1) | US7349931B2 (en) |
EP (1) | EP1872224A4 (en) |
WO (1) | WO2006121572A2 (en) |
Families Citing this family (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8539063B1 (en) | 2003-08-29 | 2013-09-17 | Mcafee, Inc. | Method and system for containment of networked application client software by explicit human input |
US7840968B1 (en) | 2003-12-17 | 2010-11-23 | Mcafee, Inc. | Method and system for containment of usage of language interfaces |
US7873955B1 (en) * | 2004-09-07 | 2011-01-18 | Mcafee, Inc. | Solidifying the executable software set of a computer |
US7591016B2 (en) * | 2005-04-14 | 2009-09-15 | Webroot Software, Inc. | System and method for scanning memory for pestware offset signatures |
US20070006311A1 (en) * | 2005-06-29 | 2007-01-04 | Barton Kevin T | System and method for managing pestware |
US7856661B1 (en) | 2005-07-14 | 2010-12-21 | Mcafee, Inc. | Classification of software on networked systems |
US20070074289A1 (en) * | 2005-09-28 | 2007-03-29 | Phil Maddaloni | Client side exploit tracking |
US20070094733A1 (en) * | 2005-10-26 | 2007-04-26 | Wilson Michael C | System and method for neutralizing pestware residing in executable memory |
US20070094726A1 (en) * | 2005-10-26 | 2007-04-26 | Wilson Michael C | System and method for neutralizing pestware that is loaded by a desirable process |
US20080281772A2 (en) * | 2005-11-30 | 2008-11-13 | Webroot Software, Inc. | System and method for managing access to storage media |
US8255992B2 (en) * | 2006-01-18 | 2012-08-28 | Webroot Inc. | Method and system for detecting dependent pestware objects on a computer |
US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
US20070192761A1 (en) * | 2006-02-15 | 2007-08-16 | Ravi Sahita | Method for adding integrity information to portable executable (PE) object files after compile and link steps |
US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
US8555404B1 (en) | 2006-05-18 | 2013-10-08 | Mcafee, Inc. | Connectivity-based authorization |
US7814544B1 (en) * | 2006-06-22 | 2010-10-12 | Symantec Corporation | API-profile guided unpacking |
US20080028462A1 (en) * | 2006-07-26 | 2008-01-31 | Michael Burtscher | System and method for loading and analyzing files |
US8578495B2 (en) * | 2006-07-26 | 2013-11-05 | Webroot Inc. | System and method for analyzing packed files |
US8065664B2 (en) * | 2006-08-07 | 2011-11-22 | Webroot Software, Inc. | System and method for defining and detecting pestware |
US8190868B2 (en) | 2006-08-07 | 2012-05-29 | Webroot Inc. | Malware management through kernel detection |
US7797746B2 (en) * | 2006-12-12 | 2010-09-14 | Fortinet, Inc. | Detection of undesired computer files in archives |
US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
US9424154B2 (en) | 2007-01-10 | 2016-08-23 | Mcafee, Inc. | Method of and system for computer system state checks |
KR100942795B1 (en) * | 2007-11-21 | 2010-02-18 | 한국전자통신연구원 | A method and a device for malware detection |
US7836174B2 (en) * | 2008-01-30 | 2010-11-16 | Commvault Systems, Inc. | Systems and methods for grid-based data scanning |
US8701189B2 (en) | 2008-01-31 | 2014-04-15 | Mcafee, Inc. | Method of and system for computer system denial-of-service protection |
US8782615B2 (en) * | 2008-04-14 | 2014-07-15 | Mcafee, Inc. | System, method, and computer program product for simulating at least one of a virtual environment and a debugging environment to prevent unwanted code from executing |
US8615502B2 (en) | 2008-04-18 | 2013-12-24 | Mcafee, Inc. | Method of and system for reverse mapping vnode pointers |
US8938806B1 (en) | 2008-06-26 | 2015-01-20 | Emc Corporation | Partial pattern detection with commonality factoring |
KR101027928B1 (en) * | 2008-07-23 | 2011-04-12 | 한국전자통신연구원 | Apparatus and Method for detecting obfuscated web page |
TWI401582B (en) * | 2008-11-17 | 2013-07-11 | Inst Information Industry | Monitor device, monitor method and computer program product thereof for hardware |
US8544003B1 (en) | 2008-12-11 | 2013-09-24 | Mcafee, Inc. | System and method for managing virtual machine configurations |
US8205263B1 (en) * | 2008-12-16 | 2012-06-19 | Symantec Corporation | Systems and methods for identifying an executable file obfuscated by an unknown obfuscator program |
US11489857B2 (en) | 2009-04-21 | 2022-11-01 | Webroot Inc. | System and method for developing a risk profile for an internet resource |
US9087195B2 (en) * | 2009-07-10 | 2015-07-21 | Kaspersky Lab Zao | Systems and methods for detecting obfuscated malware |
PT2460113T (en) | 2009-07-29 | 2017-10-13 | Reversinglabs Corp | Automated unpacking of portable executable files |
US8381284B2 (en) | 2009-08-21 | 2013-02-19 | Mcafee, Inc. | System and method for enforcing security policies in a virtual environment |
US8832829B2 (en) * | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US9552497B2 (en) * | 2009-11-10 | 2017-01-24 | Mcafee, Inc. | System and method for preventing data loss using virtual machine wrapped applications |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
US8925101B2 (en) | 2010-07-28 | 2014-12-30 | Mcafee, Inc. | System and method for local protection against malicious software |
US8549003B1 (en) | 2010-09-12 | 2013-10-01 | Mcafee, Inc. | System and method for clustering host inventories |
US9075993B2 (en) | 2011-01-24 | 2015-07-07 | Mcafee, Inc. | System and method for selectively grouping and managing program files |
US9112830B2 (en) | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
US9594881B2 (en) | 2011-09-09 | 2017-03-14 | Mcafee, Inc. | System and method for passive threat detection using virtual memory inspection |
US8694738B2 (en) | 2011-10-11 | 2014-04-08 | Mcafee, Inc. | System and method for critical address space protection in a hypervisor environment |
US9069586B2 (en) | 2011-10-13 | 2015-06-30 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8973144B2 (en) | 2011-10-13 | 2015-03-03 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8713668B2 (en) | 2011-10-17 | 2014-04-29 | Mcafee, Inc. | System and method for redirected firewall discovery in a network environment |
US8800024B2 (en) | 2011-10-17 | 2014-08-05 | Mcafee, Inc. | System and method for host-initiated firewall discovery in a network environment |
US8739272B1 (en) | 2012-04-02 | 2014-05-27 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
US20140150101A1 (en) * | 2012-09-12 | 2014-05-29 | Xecure Lab Co., Ltd. | Method for recognizing malicious file |
US8973146B2 (en) | 2012-12-27 | 2015-03-03 | Mcafee, Inc. | Herd based scan avoidance system in a network environment |
WO2015060857A1 (en) | 2013-10-24 | 2015-04-30 | Mcafee, Inc. | Agent assisted malicious application blocking in a network environment |
US9208314B1 (en) * | 2013-12-19 | 2015-12-08 | Symantec Corporation | Systems and methods for distinguishing code of a program obfuscated within a packed program |
US10922189B2 (en) | 2016-11-02 | 2021-02-16 | Commvault Systems, Inc. | Historical network data-based scanning thread generation |
US10389810B2 (en) | 2016-11-02 | 2019-08-20 | Commvault Systems, Inc. | Multi-threaded scanning of distributed file systems |
US20220269807A1 (en) * | 2021-02-22 | 2022-08-25 | EMC IP Holding Company LLC | Detecting unauthorized encryptions in data storage systems |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997012322A1 (en) * | 1995-09-28 | 1997-04-03 | Symantec Corporation | Polymorphic virus detection module |
US20020078368A1 (en) * | 2000-07-14 | 2002-06-20 | Trevor Yann | Detection of polymorphic virus code using dataflow analysis |
US20030074573A1 (en) * | 2001-10-15 | 2003-04-17 | Hursey Nell John | Malware scanning of compressed computer files |
US20030115479A1 (en) * | 2001-12-14 | 2003-06-19 | Jonathan Edwards | Method and system for detecting computer malwares by scan of process memory after process initialization |
US20030212902A1 (en) * | 2002-05-13 | 2003-11-13 | Van Der Made Peter A.J. | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine |
US20040015712A1 (en) * | 2002-07-19 | 2004-01-22 | Peter Szor | Heuristic detection of malicious computer code by page tracking |
Family Cites Families (50)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5442669A (en) | 1993-12-27 | 1995-08-15 | Medin; David L. | Perishable good integrity indicator |
US5485575A (en) | 1994-11-21 | 1996-01-16 | International Business Machines Corporation | Automatic analysis of a computer virus structure and means of attachment to its hosts |
US5812848A (en) | 1995-08-23 | 1998-09-22 | Symantec Corporation | Subclassing system for computer that operates with portable-executable (PE) modules |
US5826013A (en) | 1995-09-28 | 1998-10-20 | Symantec Corporation | Polymorphic virus detection module |
US6357008B1 (en) | 1997-09-23 | 2002-03-12 | Symantec Corporation | Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases |
US6400476B1 (en) * | 1997-12-31 | 2002-06-04 | Cisco Photonics Italy S.R.L. | Method and apparatus for transparent optical communication with two-fiber bidirectional ring with autoprotection and management of low priority traffic |
US6192512B1 (en) | 1998-09-24 | 2001-02-20 | International Business Machines Corporation | Interpreter with virtualized interface |
JP3837244B2 (en) | 1998-10-23 | 2006-10-25 | 松下電器産業株式会社 | Program linking apparatus and method |
US6851057B1 (en) | 1999-11-30 | 2005-02-01 | Symantec Corporation | Data driven detection of viruses |
US6971019B1 (en) | 2000-03-14 | 2005-11-29 | Symantec Corporation | Histogram-based virus detection |
US6775780B1 (en) | 2000-03-16 | 2004-08-10 | Networks Associates Technology, Inc. | Detecting malicious software by analyzing patterns of system calls generated during emulation |
US6735703B1 (en) | 2000-05-08 | 2004-05-11 | Networks Associates Technology, Inc. | Multi-platform sequence-based anomaly detection wrapper |
US6973577B1 (en) | 2000-05-26 | 2005-12-06 | Mcafee, Inc. | System and method for dynamically detecting computer viruses through associative behavioral analysis of runtime state |
US6973578B1 (en) | 2000-05-31 | 2005-12-06 | Networks Associates Technology, Inc. | System, method and computer program product for process-based selection of virus detection actions |
US6931540B1 (en) | 2000-05-31 | 2005-08-16 | Networks Associates Technology, Inc. | System, method and computer program product for selecting virus detection actions based on a process by which files are being accessed |
US7093239B1 (en) | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
US6954861B2 (en) | 2000-07-14 | 2005-10-11 | America Online, Inc. | Identifying unauthorized communication systems based on their memory contents |
US7178166B1 (en) | 2000-09-19 | 2007-02-13 | Internet Security Systems, Inc. | Vulnerability assessment and authentication of a computer by a local scanner |
US7150045B2 (en) | 2000-12-14 | 2006-12-12 | Widevine Technologies, Inc. | Method and apparatus for protection of electronic media |
WO2002091146A2 (en) | 2001-05-09 | 2002-11-14 | Ecd Systems, Inc. | Systems and methods for the prevention of unauthorized use and manipulation of digital content |
US7421587B2 (en) | 2001-07-26 | 2008-09-02 | Mcafee, Inc. | Detecting computer programs within packed computer files |
US7540031B2 (en) | 2001-08-01 | 2009-05-26 | Mcafee, Inc. | Wireless architecture with malware scanning component manager and associated API |
US7234167B2 (en) | 2001-09-06 | 2007-06-19 | Mcafee, Inc. | Automatic builder of detection and cleaning routines for computer viruses |
US7506374B2 (en) | 2001-10-31 | 2009-03-17 | Computer Associates Think, Inc. | Memory scanning system and method |
US7150042B2 (en) | 2001-12-06 | 2006-12-12 | Mcafee, Inc. | Techniques for performing malware scanning of files stored within a file storage device of a computer network |
US7266843B2 (en) | 2001-12-26 | 2007-09-04 | Mcafee, Inc. | Malware scanning to create clean storage locations |
US6681972B1 (en) | 2002-03-19 | 2004-01-27 | J&C Tapocik, Inc. | Hands-free holder which will hold an airline ticket, an identification, credit cards and cash while worn around a user's neck |
AU2003234720A1 (en) | 2002-04-13 | 2003-11-03 | Computer Associates Think, Inc. | System and method for detecting malicicous code |
US7155742B1 (en) | 2002-05-16 | 2006-12-26 | Symantec Corporation | Countering infections to communications modules |
US7409717B1 (en) | 2002-05-23 | 2008-08-05 | Symantec Corporation | Metamorphic computer virus detection |
GB2391965B (en) | 2002-08-14 | 2005-11-30 | Messagelabs Ltd | Method of, and system for, heuristically detecting viruses in executable code |
US7337471B2 (en) | 2002-10-07 | 2008-02-26 | Symantec Corporation | Selective detection of malicious computer code |
US7216367B2 (en) | 2003-02-21 | 2007-05-08 | Symantec Corporation | Safe memory scanning |
WO2004077294A1 (en) | 2003-02-26 | 2004-09-10 | Secure Ware Inc. | Unauthorized processing judgment method, data processing device, computer program, and recording medium |
US8171551B2 (en) | 2003-04-01 | 2012-05-01 | Mcafee, Inc. | Malware detection using external call characteristics |
GB2400197B (en) | 2003-04-03 | 2006-04-12 | Messagelabs Ltd | System for and method of detecting malware in macros and executable scripts |
US7231667B2 (en) | 2003-05-29 | 2007-06-12 | Computer Associates Think, Inc. | System and method for computer virus detection utilizing heuristic analysis |
US7257842B2 (en) | 2003-07-21 | 2007-08-14 | Mcafee, Inc. | Pre-approval of computer files during a malware detection |
US7644441B2 (en) | 2003-09-26 | 2010-01-05 | Cigital, Inc. | Methods for identifying malicious software |
US8627458B2 (en) | 2004-01-13 | 2014-01-07 | Mcafee, Inc. | Detecting malicious computer program activity using external program calls with dynamic rule sets |
US7913305B2 (en) | 2004-01-30 | 2011-03-22 | Microsoft Corporation | System and method for detecting malware in an executable code module according to the code module's exhibited behavior |
US7707634B2 (en) | 2004-01-30 | 2010-04-27 | Microsoft Corporation | System and method for detecting malware in executable scripts according to its functionality |
US7620990B2 (en) | 2004-01-30 | 2009-11-17 | Microsoft Corporation | System and method for unpacking packed executables for malware evaluation |
US20050262567A1 (en) | 2004-05-19 | 2005-11-24 | Itshak Carmona | Systems and methods for computer security |
US20050268112A1 (en) | 2004-05-28 | 2005-12-01 | Microsoft Corporation | Managing spyware and unwanted software through auto-start extensibility points |
US7568230B2 (en) | 2004-06-09 | 2009-07-28 | Lieberman Software Corporation | System for selective disablement and locking out of computer system objects |
US7596809B2 (en) | 2004-06-14 | 2009-09-29 | Lionic Corporation | System security approaches using multiple processing units |
US7401184B2 (en) | 2004-11-19 | 2008-07-15 | Intel Corporation | Matching memory transactions to cache line boundaries |
US7636856B2 (en) | 2004-12-06 | 2009-12-22 | Microsoft Corporation | Proactive computer malware protection through dynamic translation |
US7836504B2 (en) | 2005-03-01 | 2010-11-16 | Microsoft Corporation | On-access scan of memory for malware |
2005
- 2005-04-14 US US11/105,978 (US7349931B2): Active
2006
- 2006-04-14 WO PCT/US2006/014004 (WO2006121572A2): Application Filing
- 2006-04-14 EP EP06769824A (EP1872224A4): Withdrawn
Also Published As
Publication number | Publication date |
---|---|
EP1872224A2 (en) | 2008-01-02 |
US20060236397A1 (en) | 2006-10-19 |
WO2006121572A3 (en) | 2007-03-22 |
WO2006121572A2 (en) | 2006-11-16 |
US7349931B2 (en) | 2008-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1872224A4 (en) | System and method for scanning obfuscated files for pestware | |
EP1849059A4 (en) | Document aspect system and method | |
EP1934884A4 (en) | Apparatus and method for restricting file operations | |
EP1869909A4 (en) | System and method for ranging | |
EP1898333A4 (en) | Authentication system and authentication method | |
GB0608841D0 (en) | Scanner system and method for scanning | |
EP1899857A4 (en) | System and method for auto-reuse of document text | |
GB0514325D0 (en) | Method and system for obtaining information | |
EP1958428A4 (en) | Service-queue-management and production-management system and method | |
EP1880540A4 (en) | Scanning systems and methods | |
EP1955269A4 (en) | Method and system for authorising returns | |
IL185509A0 (en) | System and method for network-based object authentication | |
EP1965308A4 (en) | Document processing system and method | |
EP1872193A4 (en) | System and method for viewing and editing multi-value properties | |
GB2452895B (en) | Method and system for document comparison using cross plane comparison | |
EP1851667A4 (en) | System and method for privacy managemen | |
GB0515362D0 (en) | Document creation system and related methods | |
EP2093675A4 (en) | Document base system and method for extending the function of the document base system | |
ZA200707346B (en) | Combustion method and system | |
EP1946239A4 (en) | System and/or method for role-based authorization | |
GB0515360D0 (en) | Document creation system and related methods | |
GB0515354D0 (en) | Document creation system and related methods | |
HK1126835A1 (en) | Improved construction system, method and apparatus | |
GB0515355D0 (en) | Document creation system and related methods | |
EP1965314A4 (en) | Document processing system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 20071030 |
 | AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
 | DAX | Request for extension of the european patent (deleted) | |
 | A4 | Supplementary search report drawn up and despatched | Effective date: 20100428 |
 | RIC1 | Information provided on ipc code assigned before grant | Ipc: G06F 21/00 20060101AFI20100422BHEP |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
 | 18W | Application withdrawn | Effective date: 20100603 |